BeaconBits
Nickel

How packet flow works inside the IPS blade..?

Hello Everyone,

 

I am troubleshooting one of the issues that involves the IPS.

But I'm unable to understand the IPS behaviour in terms of packet flow inside the IPS blade.

 

Can anyone share the IPS structure in the Check Point firewall?

The administrative document does not explain this well; it covers configuration instead.

 

Regards,

B

0 Kudos
5 Replies
Danny
Pearl

Re: How packet flow works inside the IPS blade..?

  • SecureKnowledge sk95193: ATRG IPS
0 Kudos

Re: How packet flow works inside the IPS blade..?

Hi B,

I take it that you have already consulted the ATRG IPS document and that it has not provided you with the requested information.

Could you please elaborate on the exact problem you are facing, in case we can help?

Thanks.

0 Kudos

Re: How packet flow works inside the IPS blade..?

As far as IPS and its related features, it goes more or less like this in R80.10+:

1) Geo Policy Enforcement

2) Inspection Settings enforcement as part of Access Policy

3) Core Activations & ThreatCloud Protections early in the Threat Prevention policy

Please provide what problem you are looking to solve and the gateway version, as IPS is implemented quite differently in R77.30 and earlier.

 

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos
Employee+

Re: How packet flow works inside the IPS blade..?

More technical, but still very simplified steps. Go ahead and read the IPS ATRG as recommended earlier.

  1. Passive Streaming (PSL)
    1. Re-ordering of packets
  2. Unified Streaming and ASPII
    1. US decides which parser will handle this traffic
    2. ASPII decides which protections to run for this traffic
  3. Protocol Parsers
    1. Parse protocols for RFC compliance etc. and recognize contexts.
    2. Inspection settings and core protections are executed here.
  4. CMI
    1. Receives contexts from parsers.
    2. Executes relevant protections on traffic.
    3. Returns result to parsers.
0 Kudos
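The stages listed in the reply above, as a toy Python model added here (not Check Point code and not part of the original thread). It shows why reordering and context extraction come before signature matching: the pattern spans two out-of-order segments and is only visible in the reassembled URL context. The protection name, pattern, context names and sample request are constructed for illustration.

```python
import re

# Constructed sample: one HTTP request cut into three TCP segments, delivered out of order.
REQUEST = b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"
SEGMENTS = [(19, REQUEST[19:40]), (0, REQUEST[:19]), (40, REQUEST[40:])]

def psl_reorder(segments):
    """Stage 1 (passive streaming): rebuild the byte stream in sequence order."""
    stream, expected = b"", 0
    for seq, data in sorted(segments):
        if seq != expected:   # hole in the stream: later bytes wait for the missing segment
            break
        stream += data
        expected += len(data)
    return stream

def select_parser(stream):
    """Stage 2 (unified streaming): decide which parser handles this traffic."""
    return parse_http if re.match(rb"[A-Z]+ \S+ HTTP/1\.[01]\r\n", stream) else None

def parse_http(stream):
    """Stage 3 (protocol parser): split the request into named contexts."""
    head = stream.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    method, url, _ = head[0].split(b" ", 2)
    contexts = [("http_method", method), ("http_url", url)]
    for line in head[1:]:
        name, _, value = line.partition(b":")
        contexts.append(("http_header_" + name.strip().lower().decode(), value.strip()))
    return contexts

# Hypothetical protection table: (name, context it inspects, pattern).
PROTECTIONS = [("Directory traversal", "http_url", re.compile(rb"(\.\./)+etc/passwd"))]

def cmi_match(contexts):
    """Stage 4 (context inspection): run each protection only on its own context."""
    return [name for name, ctx, pat in PROTECTIONS
            for c, value in contexts if c == ctx and pat.search(value)]

def inspect(segments):
    """Run the four stages and return (verdict, matched protections) to the caller."""
    stream = psl_reorder(segments)
    parser = select_parser(stream)
    if parser is None:
        return "accept", []
    hits = cmi_match(parser(stream))
    return ("drop" if hits else "accept"), hits
```
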
Admin

Re: How packet flow works inside the IPS blade..?